Posted by: David Harley | December 11, 2017

Banking Trojans on Google Play

Lukas Stefanko, for ESET, tells us how Banking malware on Google Play targets Polish banks

Extract: “Another set of banking Trojans has found its way past Google Play’s security mechanisms, this time targeting a number of Polish banks. The malware managed to sneak into Google Play disguised as seemingly legitimate apps “Crypto Monitor”, a cryptocurrency price tracking app, and “StorySaver”, a third-party tool for downloading stories from Instagram.”

David Harley

Posted by: David Harley | December 11, 2017

GuardSquare warns of Android vulnerability ‘Janus’

GuardSquare warns that a New Android vulnerability allows attackers to modify apps without affecting their signatures.

“A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures… a file can be a valid APK file and a valid DEX file at the same time…

…Google has released a patch to its partners in November. They have published the bug (CVE-2017-13156) in the Android Security Bulletin on December 4, 2017.”

David Harley

Posted by: David Harley | December 8, 2017

More Apple updates

Further patches for the High Sierra kernel and some other bits and bobs, following the recent emergency patch for a login fiasco and an iOS update at the weekend.

Shaun Nichols for The Register: Apple gets around to patching all the other High Sierra security holes – Another week, another Mac patch to install

Zeljka Zorz for HelpNet: Apple users, it’s time for new security updates

David Harley


Posted by: David Harley | November 30, 2017

These may be the droids you’re looking for…

Richard Chirgwin for The Register: Surprise: Android apps are riddled with trackers – Hundreds of apps put snoops to work, and then there’s ‘supersonic tone tracking’

On the other hand, Lisa Vaas for Sophos advises us of an interesting security feature on its way: Google AI lets phone owners know about shoulder surfers

David Harley

Posted by: David Harley | November 30, 2017

iOS security weakening?

Oleg Afonin for ElcomSoft is sceptical about the security of iOS 11: iOS 11 Horror Story: the Rise and Fall of iOS Security.

If correct, pretty alarming. I shall be interested to see what reactions hit the fan…

David Harley

Posted by: David Harley | November 30, 2017

iOS Jailbreaking – on the Way Out…

I hadn’t thought about jailbreaking for ages, but MacRumors points out: Two Major Cydia Repositories Shut Down as Jailbreaking Fades in Popularity.

Extract from the article:

“What do you get in the end?” asked Cydia creator Jay Freeman, in an interview with Motherboard. “It used to be that you got killer features that almost were the reason you owned the phone. And now you get a small minor modification.”

David Harley

Posted by: David Harley | November 29, 2017

Apple plugs hole in Root canal

This issue came up while I was occupied elsewhere, so I’ve included some links explaining the problem. However, the crucial thing is that Apple has published (with commendable speed) a fix for the issue with High Sierra 10.13.1 (apparently earlier builds aren’t impacted).

Sophos: Apple closes that big root hole – “Install this update as soon as possible”

Apple’s announcement

Apple’s update: Security Update 2017-001

Sophos on the problem: Apple Macs have gaping root hole – here’s a superquick way to check and fix it

The Register: As Apple fixes macOS root password hole, here’s what went wrong – “While you patch your Mac, take a look at what upset the Apple cart this week”

The Register (earlier): Pro tip: You can log into macOS High Sierra as root with no password – Apple, this is Windows 95 bad – but there is a workaround to kill the bug 

David Harley

Posted by: David Harley | November 19, 2017

Android crackdown on misuse of accessibility services

ZDnet: Android security: Google cracks down on apps that want to use accessibility services

Danny Palmer: “Measure would prevent feature designed for aiding disabled users from being abused by malicious apps — but could force changes for popular apps, too.”

David Harley

Posted by: David Harley | November 19, 2017

Android’s out-of-date devices

For ZDnet, Liam Tung describes Android’s big problem: Over a billion devices are more than two years out of date. (I do hate pages that enforce videos…)

It’s based on rather an interesting article, though, by Dan Luu: How out of date are android devices?

David Harley

Posted by: David Harley | November 6, 2017

Android: fake WhatsApp app

Pierluigi Paganini: Fake WhatsApp app in official Google Play Store downloaded by over a million Android users.

“The Reddit user DexterGenius has decompiled the fake WhatsApp version and discovered it is an ad-loaded wrapper which included the code to download a second apk.”

David Harley
